Chapter 14: Configuring the Virtual Private Network; VPN Overview; Internet Security Issues - Enterasys Security Router X-Pedition™ User Manual

Enterasys security router user's guide

VPN Overview

As it is most commonly defined, a Virtual Private Network (VPN) allows two or more private
networks to be connected over a publicly accessed network. VPNs share some similarities with
Wide Area Networks (WAN), but the key feature of VPNs is their use of the Internet rather than
reliance on expensive, private leased lines. VPNs offer the tighter security and encryption features of
a private network, while taking advantage of the economies of scale and remote accessibility of
large public networks.

Internet Security Issues

All communication over the Internet uses the Transmission Control Protocol/Internet Protocol
(TCP/IP) or User Datagram Protocol (UDP). They convey packets from one computer to another
through a variety of intermediate computers and separate networks before they reach their
destination.

TCP/IP's great flexibility has led to its worldwide acceptance as the basic Internet and intranet
communications protocol. However, because TCP/IP allows traffic to pass through intermediate
computers, third parties can interfere with communications in the following ways:

Eavesdropping - Information remains intact, but its privacy is compromised. For example,
someone could learn your credit card number, record a sensitive conversation, or intercept
classified data.

Tampering - Information in transit is changed or replaced and then sent on to the recipient. For
example, someone could alter an order for goods or change a person's resume.

Impersonation - Information passes to a person who poses as the intended recipient.
Impersonation can take two forms:

    Spoofing - A person can pretend to be someone else. For example, a person can pretend to
    have the email address jdoe@acme.com, or a computer can identify itself as a site called
    www.acme.com when it is not. This type of impersonation is known as spoofing.

    Misrepresentation - A person or organization can misrepresent itself. For example, suppose
    the site www.acme.com pretends to be a furniture store when it is really just a site that
    takes credit-card payments but never sends any goods.

Normally, users of the many cooperating computers that comprise the Internet or other networks
do not monitor or interfere with network traffic that continuously passes through their machines.
But, sensitive personal and business communications over the Internet require precautions that
address potential threats. Fortunately, a set of well-established techniques and standards
aggregated under Internet Protocol Security (IPSec)/Internet Key Exchange (IKE) and the
Public-Key Infrastructure protocol (PKI) make it relatively easy to take such precautions.

The combined features of the above protocols facilitate the following tasks:
